How can I use TCPDump on Unix to view messages sent to a specific multicast address?

Question

I'm trying to view traffic transmitted to a specific multicast address on a network in order to analyze a protocol we're using.

I don't have Wireshark available on the setup (unfortunately). TCPDump is available though. So, can anyone show me a command have TCPDump filter to only view messages transmitted to a secific multicast group address?

Anyone want to leave a comment for the close vote? I think it's a pretty valid question. — John Humphreys, Oct 28 '11 at 16:24
I voted to close as off-topic. This isn't a programming problem. I'm certain you'll get better answers over at superuser.com — Robᵩ, Oct 28 '11 at 16:56

score 53 · Accepted Answer · answered Oct 28 '11 at 16:49

53

I believe this should be enough for a specific group:

tcpdump -i eth0 -s0 -vv host 239.255.255.250

All multicast traffic:

tcpdump -i eth0 -s0 -vv net 224.0.0.0/4

answered Oct 28 '11 at 16:49

Anders Lindahl

41,582
9
89
93

2

This is only true for IPv4. – bot47 Sep 11 '18 at 16:17
10

`tcpdump -v multicast and not broadcast` – Alec Istomin Apr 01 '20 at 06:26

How can I use TCPDump on Unix to view messages sent to a specific multicast address?

1 Answers1